Tuesday, January 12, 2016

A Primer on Bitcoin "Mining"

A friend asked me to explain, in a simplified manner, how important the "mining" process is to Bitcoin (and its alt-coin forks), and whether that process is integral. This post an attempt to answer that question only, without going into all the details of how Bitcoin works.


The first thing to understand is that Bitcoin is an amalgam of cryptographic tools, each with their own purpose. Each tool solves a particular problem that decentralized ledgers have. The mining process is integral to solving Sybil attacks.

A Sybil attack is something that can happen to any system where enrollment is open to all parties and there is no trusted moderator to authorize identities. Since anyone can sign up, individuals who want to attack the system can create thousands of accounts and flood the system with false information, or spam. This is exactly what happens to email systems, which are federated and have no central authority, and thus spam filtering is an essential part of any useful email service.

The most common type of spam filter (such as Gmail uses) is based on pattern recognition. Machine learning algorithms rely on users to flag emails as spam and then as enough data is gathered, begins to automatically filter emails that are similar into your spam folder. This is considered "good enough" for most email systems, as the cost a user pays for receiving a spam email in their main Inbox is usually just the few seconds of their time it takes to recognize it as spam and mark it as such.

Back in 1997, a cryptographer named Adam Back came up with a different type of spam filter, which he called Hashcash. The central idea of Hashcash is that email senders would be required to attach a cryptographic hash to each sent email that represented an amount of useless work; a deliberate waste of computing resources. Back called this attachment "Proof of Work". Email servers receiving email would be able to quickly and easily check whether the Proof of Work was legitimate, and would automatically delete any email that didn't check out. The idea was that if the wasted resources exceeded the ROI of sending spam, spam would stop. And spam has a very, very low ROI per email. It would only require wasting a few cents (or maybe fractions thereof) worth of computing resources to kill spam for good. Receiving email servers could also set the level of Proof of Work they required to pass email on, so maybe users who got spam when the filter was set to 0.1 cents would increase the barrier to 1 cent.

Unfortunately, internet users really like "free" email supported by ads, and really don't like paying postage to send emails (even a few tenths of a cent), so Hashcash never caught on as a spam-fighting tool.

Satoshi Nakamoto (Bitcoin's pseudonymous developer) saw the usefulness of Hashcash though, and incorporated it into Bitcoin. Generating the "Proof of Work" was assigned to the parties to the Bitcoin protocol called "Miners". They waste tremendous computing resources (and electricity) to generate insane amounts of Proof of Work, only instead of attaching the Proof of Work to an email they attach it to a block of Bitcoin transactions. The other Miners (and the Bitcoin nodes, which do not mine) check the Proof of Work for validity, and assuming it checks out everyone adds the block to their copy of Bitcoin's blockchain.

The point of Miners producing Proof of Work is for the same reason Back attached Proof of Work to emails - to prevent spam. Only in Bitcoin's case, spam isn't a bad email, it's a bad financial transaction. Specifically, without mining someone could spend the same Bitcoin twice, which is called a double-spending attack. A Bitcoin spammer could send their Bitcoins to you, but they could also simultaneously send them to any number of other parties (including themselves!). This sort of attack would increase the number of bitcoins in circulation with each fraudulent transaction, setting the Bitcoin ecosystem into a death-spiral of hyperinflation.

The way that Proof of Work prevents double-spending is a bit more involved. The bare essentials of what you need to know is that when you "hash" a digital file, you're essentially creating a unique string of characters that "represents" that file. Change even one bit of the file and the hash string also changes. Therefore you can easily and verifiably pair digital files and hash strings. The Bitcoin miners attach hashes of the previous block of transactions into each new block, which creates a verifiable "chain" of transaction blocks, each provably leading from one to the next. You can't download the Blockchain, change a few transactions in a block from the day before, and present it to another node as proof you own those bitcoins, because if you altered block 25,115 to give yourself money, the hash of your altered 25,115 would not match the hash of block 25,115 that's in block 25,116. Your transaction would be automatically rejected as invalid.

Of course if the most recent block in existence is 25,116, you could send the same bitcoins to both Bob and Chris. They, after all, have no block 25,117 to compare it to, so assuming that Bob and Chris are not in contact with each other, they would both think that the transfer to them was legitimate. However, when you broadcast both of the transaction to Bob and Chris, the miners competing to produce block 25,117 would recognize that the two transactions contradict each other, and would discard one of them (usually the one with the lower fee, or if the fees were identical, they'd just discard one at random). That's why people who receive bitcoins are advised to not treat a payment as "final" until it is several blocks "deep" into the established blockchain. Assuming Bob and Chris are prudent and risk-averse merchants, they would wait until at least block 25,120 before sending to you whatever you were trying to buy with the bitcoins. (And the one whose transaction was not included in the blockchain might be pretty mad)

Simply put, without the Mining process, Bitcoin would not be both a (1) secure and (2) open, system for transferring value. Some protocols, such as Ripple, have dispensed with mining, but they necessarily also had to dispense with "open". The Ripple protocol is a closed protocol that is entirely controlled by a trusted central party. The "blockchain" initiatives many banks are working on are the same. That's fine for some applications, but not if you're worried about that central party getting hacked by gangs or subject to a legal injunction impounding all your assets. If you want money with censorship resistances, you need it to be decentralized and secure. Some new cryptocurrencies, in an attempt to remain decentralized, secure, and open without the wastefulness of Proof of Work, are trying to replace Proof of Work with a different protocol called Proof of Stake. The security provided by Proof of Stake has not been proven yet however.

No comments:

Post a Comment